From 1111dc8e5e9e78254c1a7a891d961713e1be9db0 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 29 Nov 2013 23:18:21 +0100 Subject: Remove cipher and MAC contexts Not a single implementation was using them... --- src/crypto.h | 24 ++++---------- .../aes128_ctr/nacl/cipher_aes128_ctr_nacl.c | 17 ++-------- .../cipher/aes128_ctr/openssl/aes128_ctr_openssl.c | 19 +++-------- .../cipher/blowfish_ctr/builtin/blowfish_ctr.c | 18 ++--------- src/crypto/cipher/ciphers.c.in | 23 +------------- src/crypto/cipher/null/memcpy/null_memcpy.c | 17 ++-------- src/crypto/cipher/salsa20/nacl/salsa20_nacl.c | 17 ++-------- src/crypto/cipher/salsa2012/nacl/salsa2012_nacl.c | 17 ++-------- src/crypto/mac/ghash/builtin/ghash_builtin.c | 17 ++-------- src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c | 15 ++------- src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h | 2 +- .../mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c | 2 +- src/crypto/mac/macs.c.in | 23 +------------- src/fastd.c | 14 -------- src/fastd.h | 3 -- src/methods/cipher_test/cipher_test.c | 15 ++++----- src/methods/composed_gmac/composed_gmac.c | 37 ++++++++++------------ src/methods/generic_gcm/generic_gcm.c | 24 +++++++------- src/methods/generic_gmac/generic_gmac.c | 22 ++++++------- src/methods/generic_poly1305/generic_poly1305.c | 15 ++++----- src/types.h | 3 -- 21 files changed, 86 insertions(+), 258 deletions(-) diff --git a/src/crypto.h b/src/crypto.h index 968483e..7ee73cd 100644 --- a/src/crypto.h +++ b/src/crypto.h 
@@ -38,13 +38,9 @@ struct fastd_cipher_info { struct fastd_cipher { bool (*available)(void); - fastd_cipher_context_t* (*initialize)(fastd_context_t *ctx); - fastd_cipher_state_t* (*init_state)(fastd_context_t *ctx, const fastd_cipher_context_t *cctx, const uint8_t *key); - + fastd_cipher_state_t* (*init)(fastd_context_t *ctx, const uint8_t *key); bool (*crypt)(fastd_context_t *ctx, const fastd_cipher_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t len, const uint8_t *iv); - - void (*free_state)(fastd_context_t *ctx, fastd_cipher_state_t *state); - void (*free)(fastd_context_t *ctx, fastd_cipher_context_t *cctx); + void (*free)(fastd_context_t *ctx, fastd_cipher_state_t *state); }; 
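Review bot: The merged `init`/`free` members of struct fastd_cipher carry no comment stating their contract, and `free` now takes the per-key state where the same name used to take the context. Two points are only discoverable by reading the implementations: the null cipher's `init` returns NULL as a valid state, and every `free` is called unconditionally from method_session_free. I would document this on the members, e.g. `/* init: returns per-key state owned by the caller; NULL is a valid state (null cipher), not an error signal */` and `/* free: must accept NULL; wipes key material before releasing the state */`. The same comment applies to `init`/`free` in struct fastd_mac in the following hunk.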
@@ -55,24 +51,16 @@ struct fastd_mac_info { struct fastd_mac { bool (*available)(void); - fastd_mac_context_t* (*initialize)(fastd_context_t *ctx); - fastd_mac_state_t* (*init_state)(fastd_context_t *ctx, const fastd_mac_context_t *mctx, const uint8_t *key); - + fastd_mac_state_t* (*init)(fastd_context_t *ctx, const uint8_t *key); bool (*hash)(fastd_context_t *ctx, const fastd_mac_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t n_blocks); - - void (*free_state)(fastd_context_t *ctx, fastd_mac_state_t *state); - void (*free)(fastd_context_t *ctx, fastd_mac_context_t *mctx); + void (*free)(fastd_context_t *ctx, fastd_mac_state_t *state); }; -void fastd_cipher_init(fastd_context_t *ctx); -void fastd_cipher_free(fastd_context_t *ctx); const fastd_cipher_info_t* fastd_cipher_info_get_by_name(const char *name); -const fastd_cipher_t* fastd_cipher_get_by_name(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **info, const fastd_cipher_context_t **cctx); +const fastd_cipher_t* fastd_cipher_get_by_name(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **info); -void fastd_mac_init(fastd_context_t *ctx); -void fastd_mac_free(fastd_context_t *ctx); const fastd_mac_info_t* fastd_mac_info_get_by_name(const char *name); -const fastd_mac_t* fastd_mac_get_by_name(fastd_context_t *ctx, const char *name, const fastd_mac_info_t **info, const fastd_mac_context_t **cctx); +const fastd_mac_t* fastd_mac_get_by_name(fastd_context_t *ctx, const char *name, const fastd_mac_info_t **info); #endif /* _FASTD_CRYPTO_H_ */ diff --git a/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c b/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c index 783a9d1..f4756a3 100644 --- a/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c +++ b/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c 
@@ -33,11 +33,7 @@ struct __attribute__((aligned(16))) fastd_cipher_state { }; -static fastd_cipher_context_t* aes128_ctr_initialize(fastd_context_t *ctx UNUSED) { - return NULL; -} - -static fastd_cipher_state_t* aes128_ctr_init_state(fastd_context_t *ctx, const fastd_cipher_context_t *cctx UNUSED, const uint8_t *key) { +static fastd_cipher_state_t* aes128_ctr_init(fastd_context_t *ctx, const uint8_t *key) { fastd_block128_t k; memcpy(k.b, key, sizeof(fastd_block128_t)); @@ -56,24 +52,17 @@ static bool aes128_ctr_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_sta return true; } -static void aes128_ctr_free_state(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { +static void aes128_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { if (state) { secure_memzero(state, sizeof(*state)); free(state); } } -static void aes128_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cctx UNUSED) { -} - const fastd_cipher_t fastd_cipher_aes128_ctr_nacl = { .available = fastd_true, - .initialize = aes128_ctr_initialize, - .init_state = aes128_ctr_init_state, - + .init = aes128_ctr_init, .crypt = aes128_ctr_crypt, - - .free_state = aes128_ctr_free_state, .free = aes128_ctr_free, }; diff --git a/src/crypto/cipher/aes128_ctr/openssl/aes128_ctr_openssl.c b/src/crypto/cipher/aes128_ctr/openssl/aes128_ctr_openssl.c index 6917333..b3c739c 100644 --- a/src/crypto/cipher/aes128_ctr/openssl/aes128_ctr_openssl.c +++ b/src/crypto/cipher/aes128_ctr/openssl/aes128_ctr_openssl.c 
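Review bot: In aes128_ctr_init the key is copied into the stack variable `k` (`memcpy(k.b, key, sizeof(fastd_block128_t));`), and nothing in this hunk shows that copy being wiped. The rest of the body lies outside the hunk, so this may already be handled; if it is not, add `secure_memzero(&k, sizeof(k));` before the function returns, matching what aes128_ctr_free does for the heap state. The same question applies to `key32` in blowfish_ctr_init (`memcpy(key32, key, 56);`, hunk `@@ -214,7 +209,7 @@`), where the literals 56 and 14 would also read better as `sizeof(key32)` and a named element count.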
@@ -28,16 +28,12 @@ #include -struct __attribute__((aligned(16))) fastd_cipher_state { +struct fastd_cipher_state { EVP_CIPHER_CTX *aes; }; -static fastd_cipher_context_t* aes128_ctr_initialize(fastd_context_t *ctx UNUSED) { - return NULL; -} - -static fastd_cipher_state_t* aes128_ctr_init_state(fastd_context_t *ctx UNUSED, const fastd_cipher_context_t *cctx UNUSED, const uint8_t *key) { +static fastd_cipher_state_t* aes128_ctr_init(fastd_context_t *ctx UNUSED, const uint8_t *key) { fastd_cipher_state_t *state = malloc(sizeof(fastd_cipher_state_t)); state->aes = EVP_CIPHER_CTX_new(); @@ -64,24 +60,17 @@ static bool aes128_ctr_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_sta return true; } -static void aes128_ctr_free_state(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { +static void aes128_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { if (state) { EVP_CIPHER_CTX_free(state->aes); free(state); } } -static void aes128_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cctx UNUSED) { -} - const fastd_cipher_t fastd_cipher_aes128_ctr_openssl = { .available = fastd_true, - .initialize = aes128_ctr_initialize, - .init_state = aes128_ctr_init_state, - + .init = aes128_ctr_init, .crypt = aes128_ctr_crypt, - - .free_state = aes128_ctr_free_state, .free = aes128_ctr_free, }; diff --git a/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c b/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c index 70c4d35..3e82e38 100644 --- a/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c +++ b/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c @@ -182,11 +182,6 @@ struct fastd_cipher_state { }; -static fastd_cipher_context_t* blowfish_ctr_initialize(fastd_context_t *ctx UNUSED) { - return NULL; -} - - static inline void bf_ntohl(uint32_t *v, size_t len) { size_t i; for (i = 0; i < len; i++) 
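Review bot: In the OpenSSL aes128_ctr_init the result of `malloc(sizeof(fastd_cipher_state_t))` is dereferenced on the very next line (`state->aes = EVP_CIPHER_CTX_new();`) with no NULL check, and the return value of `EVP_CIPHER_CTX_new()` is not checked in the visible lines either. Since this commit rewrites every init signature anyway, it is a good moment to fail explicitly, for example `if (!state) exit_bug(ctx, "aes128-ctr: state allocation failed");` or whatever the project's out-of-memory convention is. Returning NULL would not be enough, because the callers do not check the result of `init`. salsa20_init and salsa2012_init have the same shape (unchecked `malloc` followed directly by `memcpy(state->key, ...)`), and ghash_init and fastd_ghash_pclmulqdq_init show the same unchecked `malloc` as far as their hunks reach. The function body continues outside this hunk.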
@@ -214,7 +209,7 @@ static inline uint32_t bf_f(const fastd_cipher_state_t *state, uint32_t x) { BF_SWAP(L, R); \ }) -static fastd_cipher_state_t* blowfish_ctr_init_state(fastd_context_t *ctx UNUSED, const fastd_cipher_context_t *cctx UNUSED, const uint8_t *key) { +static fastd_cipher_state_t* blowfish_ctr_init(fastd_context_t *ctx UNUSED, const uint8_t *key) { uint32_t key32[14]; memcpy(key32, key, 56); bf_ntohl(key32, 14); @@ -276,24 +271,17 @@ static bool blowfish_ctr_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_s return true; } -static void blowfish_ctr_free_state(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { +static void blowfish_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { if (state) { secure_memzero(state, sizeof(*state)); free(state); } } -static void blowfish_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cctx UNUSED) { -} - const fastd_cipher_t fastd_cipher_blowfish_ctr_builtin = { .available = fastd_true, - .initialize = blowfish_ctr_initialize, - .init_state = blowfish_ctr_init_state, - + .init = blowfish_ctr_init, .crypt = blowfish_ctr_crypt, - - .free_state = blowfish_ctr_free_state, .free = blowfish_ctr_free, }; diff --git a/src/crypto/cipher/ciphers.c.in b/src/crypto/cipher/ciphers.c.in index b3c6b1b..72ea3d2 100644 --- a/src/crypto/cipher/ciphers.c.in +++ b/src/crypto/cipher/ciphers.c.in 
@@ -89,24 +89,6 @@ bool fastd_cipher_config(const fastd_cipher_t **cipher_conf, const char *name, c return false; } -void fastd_cipher_init(fastd_context_t *ctx) { - ctx->cipher_contexts = calloc(array_size(ciphers), sizeof(fastd_cipher_context_t*)); - - size_t i; - for (i = 0; i < array_size(ciphers); i++) { - if (ctx->conf->ciphers[i]) - ctx->cipher_contexts[i] = ctx->conf->ciphers[i]->initialize(ctx); - } -} - -void fastd_cipher_free(fastd_context_t *ctx) { - size_t i; - for (i = 0; i < array_size(ciphers); i++) - ctx->conf->ciphers[i]->free(ctx, ctx->cipher_contexts[i]); - - free(ctx->cipher_contexts); -} - const fastd_cipher_info_t* fastd_cipher_info_get_by_name(const char *name) { size_t i, j; for (i = 0; i < array_size(ciphers); i++) { @@ -124,16 +106,13 @@ const fastd_cipher_info_t* fastd_cipher_info_get_by_name(const char *name) { return NULL; } -const fastd_cipher_t* fastd_cipher_get_by_name(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **info, const fastd_cipher_context_t **cctx) { +const fastd_cipher_t* fastd_cipher_get_by_name(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **info) { size_t i; for (i = 0; i < array_size(ciphers); i++) { if (!strcmp(ciphers[i].name, name)) { if (info) *info = ciphers[i].info; - if (cctx) - *cctx = ctx->cipher_contexts[i]; - return ctx->conf->ciphers[i]; } } diff --git a/src/crypto/cipher/null/memcpy/null_memcpy.c b/src/crypto/cipher/null/memcpy/null_memcpy.c index 8c05b17..7f0b8b3 100644 --- a/src/crypto/cipher/null/memcpy/null_memcpy.c +++ b/src/crypto/cipher/null/memcpy/null_memcpy.c 
@@ -27,11 +27,7 @@ #include "../../../../crypto.h" -static fastd_cipher_context_t* null_initialize(fastd_context_t *ctx UNUSED) { - return NULL; -} - -static fastd_cipher_state_t* null_init_state(fastd_context_t *ctx UNUSED, const fastd_cipher_context_t *cctx UNUSED, const uint8_t *key UNUSED) { +static fastd_cipher_state_t* null_init(fastd_context_t *ctx UNUSED, const uint8_t *key UNUSED) { return NULL; } @@ -40,20 +36,13 @@ static bool null_memcpy(fastd_context_t *ctx UNUSED, const fastd_cipher_state_t return true; } -static void null_free_state(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state UNUSED) { -} - -static void null_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cctx UNUSED) { +static void null_free(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state UNUSED) { } const fastd_cipher_t fastd_cipher_null_memcpy = { .available = fastd_true, - .initialize = null_initialize, - .init_state = null_init_state, - + .init = null_init, .crypt = null_memcpy, - - .free_state = null_free_state, .free = null_free, }; diff --git a/src/crypto/cipher/salsa20/nacl/salsa20_nacl.c b/src/crypto/cipher/salsa20/nacl/salsa20_nacl.c index 457e39c..ed14c3c 100644 --- a/src/crypto/cipher/salsa20/nacl/salsa20_nacl.c +++ b/src/crypto/cipher/salsa20/nacl/salsa20_nacl.c @@ -33,11 +33,7 @@ struct __attribute__((aligned(16))) fastd_cipher_state { }; -static fastd_cipher_context_t* salsa20_initialize(fastd_context_t *ctx UNUSED) { - return NULL; -} - -static fastd_cipher_state_t* salsa20_init_state(fastd_context_t *ctx UNUSED, const fastd_cipher_context_t *cctx UNUSED, const uint8_t *key) { +static fastd_cipher_state_t* salsa20_init(fastd_context_t *ctx UNUSED, const uint8_t *key) { fastd_cipher_state_t *state = malloc(sizeof(fastd_cipher_state_t)); memcpy(state->key, key, crypto_stream_salsa20_KEYBYTES); 
@@ -49,24 +45,17 @@ static bool salsa20_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_state_ return true; } -static void salsa20_free_state(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { +static void salsa20_free(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { if (state) { secure_memzero(state, sizeof(*state)); free(state); } } -static void salsa20_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cctx UNUSED) { -} - const fastd_cipher_t fastd_cipher_salsa20_nacl = { .available = fastd_true, - .initialize = salsa20_initialize, - .init_state = salsa20_init_state, - + .init = salsa20_init, .crypt = salsa20_crypt, - - .free_state = salsa20_free_state, .free = salsa20_free, }; diff --git a/src/crypto/cipher/salsa2012/nacl/salsa2012_nacl.c b/src/crypto/cipher/salsa2012/nacl/salsa2012_nacl.c index 9619afe..79f01c4 100644 --- a/src/crypto/cipher/salsa2012/nacl/salsa2012_nacl.c +++ b/src/crypto/cipher/salsa2012/nacl/salsa2012_nacl.c @@ -33,11 +33,7 @@ struct __attribute__((aligned(16))) fastd_cipher_state { }; -static fastd_cipher_context_t* salsa2012_initialize(fastd_context_t *ctx UNUSED) { - return NULL; -} - -static fastd_cipher_state_t* salsa2012_init_state(fastd_context_t *ctx UNUSED, const fastd_cipher_context_t *cctx UNUSED, const uint8_t *key) { +static fastd_cipher_state_t* salsa2012_init(fastd_context_t *ctx UNUSED, const uint8_t *key) { fastd_cipher_state_t *state = malloc(sizeof(fastd_cipher_state_t)); memcpy(state->key, key, crypto_stream_salsa2012_KEYBYTES); 
@@ -49,24 +45,17 @@ static bool salsa2012_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_stat return true; } -static void salsa2012_free_state(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { +static void salsa2012_free(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { if (state) { secure_memzero(state, sizeof(*state)); free(state); } } -static void salsa2012_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cctx UNUSED) { -} - const fastd_cipher_t fastd_cipher_salsa2012_nacl = { .available = fastd_true, - .initialize = salsa2012_initialize, - .init_state = salsa2012_init_state, - + .init = salsa2012_init, .crypt = salsa2012_crypt, - - .free_state = salsa2012_free_state, .free = salsa2012_free, }; diff --git a/src/crypto/mac/ghash/builtin/ghash_builtin.c b/src/crypto/mac/ghash/builtin/ghash_builtin.c index 511e844..341408f 100644 --- a/src/crypto/mac/ghash/builtin/ghash_builtin.c +++ b/src/crypto/mac/ghash/builtin/ghash_builtin.c @@ -61,11 +61,7 @@ static inline void mulH_a(fastd_block128_t *x, const fastd_mac_state_t *cstate) } -static fastd_mac_context_t* ghash_initialize(fastd_context_t *ctx UNUSED) { - return NULL; -} - -static fastd_mac_state_t* ghash_init_state(fastd_context_t *ctx UNUSED, const fastd_mac_context_t *mctx UNUSED, const uint8_t *key) { +static fastd_mac_state_t* ghash_init(fastd_context_t *ctx UNUSED, const uint8_t *key) { fastd_mac_state_t *state = malloc(sizeof(fastd_mac_state_t)); fastd_block128_t Hbase[4]; 
@@ -121,24 +117,17 @@ static bool ghash_hash(fastd_context_t *ctx UNUSED, const fastd_mac_state_t *sta return true; } -static void ghash_free_state(fastd_context_t *ctx UNUSED, fastd_mac_state_t *state) { +static void ghash_free(fastd_context_t *ctx UNUSED, fastd_mac_state_t *state) { if (state) { secure_memzero(state, sizeof(*state)); free(state); } } -static void ghash_free(fastd_context_t *ctx UNUSED, fastd_mac_context_t *mctx UNUSED) { -} - const fastd_mac_t fastd_mac_ghash_builtin = { .available = fastd_true, - .initialize = ghash_initialize, - .init_state = ghash_init_state, - + .init = ghash_init, .hash = ghash_hash, - - .free_state = ghash_free_state, .free = ghash_free, }; diff --git a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c index 11073a5..8f1edb0 100644 --- a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c +++ b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c @@ -34,28 +34,17 @@ static bool ghash_available(void) { return ((fastd_cpuid()&REQ) == REQ); } -static fastd_mac_context_t* ghash_initialize(fastd_context_t *ctx UNUSED) { - return NULL; -} - -static void ghash_free_state(fastd_context_t *ctx UNUSED, fastd_mac_state_t *state) { +static void ghash_free(fastd_context_t *ctx UNUSED, fastd_mac_state_t *state) { if (state) { secure_memzero(state, sizeof(*state)); free(state); } } -static void ghash_free(fastd_context_t *ctx UNUSED, fastd_mac_context_t *mctx UNUSED) { -} - const fastd_mac_t fastd_mac_ghash_pclmulqdq = { .available = ghash_available, - .initialize = ghash_initialize, - .init_state = fastd_ghash_pclmulqdq_init_state, - + .init = fastd_ghash_pclmulqdq_init, .hash = fastd_ghash_pclmulqdq_hash, - - .free_state = ghash_free_state, .free = ghash_free, }; diff --git a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h index c2645f8..ccb1ecf 100644 --- a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h 
+++ b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h @@ -32,5 +32,5 @@ struct fastd_mac_state { }; -fastd_mac_state_t* fastd_ghash_pclmulqdq_init_state(fastd_context_t *ctx, const fastd_mac_context_t *mctx, const uint8_t *key); +fastd_mac_state_t* fastd_ghash_pclmulqdq_init(fastd_context_t *ctx, const uint8_t *key); bool fastd_ghash_pclmulqdq_hash(fastd_context_t *ctx, const fastd_mac_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t n_blocks); diff --git a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c index 375cf91..134d4ed 100644 --- a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c +++ b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c @@ -58,7 +58,7 @@ static inline __m128i byteswap(__m128i v) { } -fastd_mac_state_t* fastd_ghash_pclmulqdq_init_state(fastd_context_t *ctx UNUSED, const fastd_mac_context_t *mctx UNUSED, const uint8_t *key) { +fastd_mac_state_t* fastd_ghash_pclmulqdq_init(fastd_context_t *ctx UNUSED, const uint8_t *key) { fastd_mac_state_t *state = malloc(sizeof(fastd_mac_state_t)); vecblock_t h; diff --git a/src/crypto/mac/macs.c.in b/src/crypto/mac/macs.c.in index 3587322..c70473b 100644 --- a/src/crypto/mac/macs.c.in +++ b/src/crypto/mac/macs.c.in @@ -89,24 +89,6 @@ bool fastd_mac_config(const fastd_mac_t **mac_conf, const char *name, const char return false; } -void fastd_mac_init(fastd_context_t *ctx) { - ctx->mac_contexts = calloc(array_size(macs), sizeof(fastd_mac_context_t*)); - - size_t i; - for (i = 0; i < array_size(macs); i++) { - if (ctx->conf->macs[i]) - ctx->mac_contexts[i] = ctx->conf->macs[i]->initialize(ctx); - } -} - -void fastd_mac_free(fastd_context_t *ctx) { - size_t i; - for (i = 0; i < array_size(macs); i++) - ctx->conf->macs[i]->free(ctx, ctx->mac_contexts[i]); - - free(ctx->mac_contexts); -} - const fastd_mac_info_t* fastd_mac_info_get_by_name(const char *name) { size_t i, j; for (i = 0; i < array_size(macs); i++) { 
@@ -124,16 +106,13 @@ const fastd_mac_info_t* fastd_mac_info_get_by_name(const char *name) { return NULL; } -const fastd_mac_t* fastd_mac_get_by_name(fastd_context_t *ctx, const char *name, const fastd_mac_info_t **info, const fastd_mac_context_t **cctx) { +const fastd_mac_t* fastd_mac_get_by_name(fastd_context_t *ctx, const char *name, const fastd_mac_info_t **info) { size_t i; for (i = 0; i < array_size(macs); i++) { if (!strcmp(macs[i].name, name)) { if (info) *info = macs[i].info; - if (cctx) - *cctx = ctx->mac_contexts[i]; - return ctx->conf->macs[i]; } } diff --git a/src/fastd.c b/src/fastd.c index 03ffc52..c75fa9b 100644 --- a/src/fastd.c +++ b/src/fastd.c @@ -152,16 +152,6 @@ static void close_log(fastd_context_t *ctx) { closelog(); } -static void crypto_init(fastd_context_t *ctx) { - fastd_cipher_init(ctx); - fastd_mac_init(ctx); -} - -static void crypto_free(fastd_context_t *ctx UNUSED) { - fastd_mac_free(ctx); - fastd_cipher_free(ctx); -} - static void init_sockets(fastd_context_t *ctx) { ctx->socks = malloc(ctx->conf->n_bind_addrs * sizeof(fastd_socket_t)); @@ -798,8 +788,6 @@ int main(int argc, char *argv[]) { /* change groups early as the can be relevant for file access (for PID file & log files) */ set_groups(&ctx); - crypto_init(&ctx); - init_sockets(&ctx); if (!fastd_socket_handle_binds(&ctx)) @@ -885,8 +873,6 @@ int main(int argc, char *argv[]) { free(ctx.eth_addr); free(ctx.ifname); - crypto_free(&ctx); - close_log(&ctx); fastd_config_release(&ctx, &conf); diff --git a/src/fastd.h b/src/fastd.h index e513a1d..4290421 100644 --- a/src/fastd.h +++ b/src/fastd.h @@ -300,9 +300,6 @@ struct fastd_context { fastd_stats_t tx_dropped; fastd_stats_t tx_error; - fastd_cipher_context_t **cipher_contexts; - fastd_mac_context_t **mac_contexts; - size_t eth_addr_size; size_t n_eth_addr; fastd_peer_eth_addr_t *eth_addr; diff --git a/src/methods/cipher_test/cipher_test.c b/src/methods/cipher_test/cipher_test.c index 573e90a..067835e 100644 
--- a/src/methods/cipher_test/cipher_test.c +++ b/src/methods/cipher_test/cipher_test.c @@ -33,12 +33,11 @@ struct fastd_method_session_state { const fastd_cipher_info_t *cipher_info; const fastd_cipher_t *cipher; - const fastd_cipher_context_t *cipher_ctx; fastd_cipher_state_t *cipher_state; }; -static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) { +static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **info, const fastd_cipher_t **cipher) { size_t len = strlen(name); if (len < 12) @@ -54,7 +53,7 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe const fastd_cipher_info_t *cipher_info = NULL; if (ctx) { - *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &cipher_info, cctx); + *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &cipher_info); if (!*cipher) return false; } @@ -72,12 +71,12 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe static bool method_provides(const char *name) { - return cipher_get(NULL, name, NULL, NULL, NULL); + return cipher_get(NULL, name, NULL, NULL); } static size_t method_key_length(fastd_context_t *ctx, const char *name) { const fastd_cipher_info_t *info; - if (!cipher_get(NULL, name, &info, NULL, NULL)) + if (!cipher_get(NULL, name, &info, NULL)) exit_bug(ctx, "cipher-test: can't get cipher key length"); return info->key_length; 
@@ -88,10 +87,10 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c fastd_method_common_init(ctx, &session->common, initiator); - if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx)) + if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher)) exit_bug(ctx, "cipher-test: can't instanciate cipher"); - session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret); + session->cipher_state = session->cipher->init(ctx, secret); pr_warn(ctx, "using cipher-test method; this method must be used for testing and benchmarks only"); @@ -116,7 +115,7 @@ static void method_session_superseded(fastd_context_t *ctx, fastd_method_session static void method_session_free(fastd_context_t *ctx, fastd_method_session_state_t *session) { if (session) { - session->cipher->free_state(ctx, session->cipher_state); + session->cipher->free(ctx, session->cipher_state); free(session); } } diff --git a/src/methods/composed_gmac/composed_gmac.c b/src/methods/composed_gmac/composed_gmac.c index b8ee2f6..0705b7d 100644 --- a/src/methods/composed_gmac/composed_gmac.c +++ b/src/methods/composed_gmac/composed_gmac.c 
@@ -35,24 +35,21 @@ struct fastd_method_session_state { const fastd_cipher_info_t *cipher_info; const fastd_cipher_t *cipher; - const fastd_cipher_context_t *cipher_ctx; fastd_cipher_state_t *cipher_state; const fastd_cipher_info_t *gmac_cipher_info; const fastd_cipher_t *gmac_cipher; - const fastd_cipher_context_t *gmac_cipher_ctx; fastd_cipher_state_t *gmac_cipher_state; const fastd_mac_info_t *ghash_info; const fastd_mac_t *ghash; - const fastd_mac_context_t *ghash_ctx; fastd_mac_state_t *ghash_state; }; static bool cipher_get(fastd_context_t *ctx, const char *name, - const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx, - const fastd_cipher_info_t **gmac_cipher_info, const fastd_cipher_t **gmac_cipher, const fastd_cipher_context_t **gmac_cctx) { + const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, + const fastd_cipher_info_t **gmac_cipher_info, const fastd_cipher_t **gmac_cipher) { if (!fastd_mac_info_get_by_name("ghash")) return false; @@ -80,8 +77,8 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t *gmac_info = NULL; if (ctx) { - *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info, cctx); - *gmac_cipher = fastd_cipher_get_by_name(ctx, gmac_cipher_name, &gmac_info, gmac_cctx); + *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info); + *gmac_cipher = fastd_cipher_get_by_name(ctx, gmac_cipher_name, &gmac_info); if (!(*cipher && *gmac_cipher)) return false; } @@ -105,7 +102,7 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, static bool method_provides(const char *name) { const fastd_cipher_info_t *gmac_cipher_info; - if (!cipher_get(NULL, name, NULL, NULL, NULL, &gmac_cipher_info, NULL, NULL)) + if (!cipher_get(NULL, name, NULL, NULL, &gmac_cipher_info, NULL)) return false; if (gmac_cipher_info->iv_length <= COMMON_NONCEBYTES) 
@@ -118,7 +115,7 @@ static size_t method_key_length(fastd_context_t *ctx, const char *name) { const fastd_cipher_info_t *cipher_info; const fastd_cipher_info_t *gmac_cipher_info; - if (!cipher_get(NULL, name, &cipher_info, NULL, NULL, &gmac_cipher_info, NULL, NULL)) + if (!cipher_get(NULL, name, &cipher_info, NULL, &gmac_cipher_info, NULL)) exit_bug(ctx, "composed-gmac: can't get cipher key length"); return cipher_info->key_length + gmac_cipher_info->key_length; @@ -130,15 +127,15 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c fastd_method_common_init(ctx, &session->common, initiator); if (!cipher_get(ctx, name, - &session->cipher_info, &session->cipher, &session->cipher_ctx, - &session->gmac_cipher_info, &session->gmac_cipher, &session->gmac_cipher_ctx)) + &session->cipher_info, &session->cipher, + &session->gmac_cipher_info, &session->gmac_cipher)) exit_bug(ctx, "composed-gmac: can't instanciate cipher"); - session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret); + session->cipher_state = session->cipher->init(ctx, secret); if (session->cipher_info->iv_length && session->cipher_info->iv_length <= COMMON_NONCEBYTES) exit_bug(ctx, "composed-gmac: iv_length to small"); - session->gmac_cipher_state = session->gmac_cipher->init_state(ctx, session->gmac_cipher_ctx, secret + session->cipher_info->key_length); + session->gmac_cipher_state = session->gmac_cipher->init(ctx, secret + session->cipher_info->key_length); if (session->gmac_cipher_info->iv_length <= COMMON_NONCEBYTES) exit_bug(ctx, "composed-gmac: GMAC cipher iv_length to small"); 
@@ -148,18 +145,18 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c memset(zeroiv, 0, session->gmac_cipher_info->iv_length); if (!session->gmac_cipher->crypt(ctx, session->gmac_cipher_state, &H, &ZERO_BLOCK, sizeof(fastd_block128_t), zeroiv)) { - session->cipher->free_state(ctx, session->cipher_state); - session->gmac_cipher->free_state(ctx, session->gmac_cipher_state); + session->cipher->free(ctx, session->cipher_state); + session->gmac_cipher->free(ctx, session->gmac_cipher_state); free(session); return NULL; } - session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info, &session->ghash_ctx); + session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info); if (!session->ghash) exit_bug(ctx, "composed-gmac: can't instanciate ghash mac"); - session->ghash_state = session->ghash->init_state(ctx, session->ghash_ctx, H.b); + session->ghash_state = session->ghash->init(ctx, H.b); return session; } @@ -182,9 +179,9 @@ static void method_session_superseded(fastd_context_t *ctx, fastd_method_session static void method_session_free(fastd_context_t *ctx, fastd_method_session_state_t *session) { if (session) { - session->cipher->free_state(ctx, session->cipher_state); - session->gmac_cipher->free_state(ctx, session->gmac_cipher_state); - session->ghash->free_state(ctx, session->ghash_state); + session->cipher->free(ctx, session->cipher_state); + session->gmac_cipher->free(ctx, session->gmac_cipher_state); + session->ghash->free(ctx, session->ghash_state); free(session); } diff --git a/src/methods/generic_gcm/generic_gcm.c b/src/methods/generic_gcm/generic_gcm.c index 9481100..52065eb 100644 --- a/src/methods/generic_gcm/generic_gcm.c +++ b/src/methods/generic_gcm/generic_gcm.c 
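Review bot: The GHASH subkey `H` stays on the stack on both exits of method_session_init visible in hunk `@@ -148,18 +145,18 @@`: the failure branch frees the cipher states and returns NULL, and the success path returns right after `session->ghash->init(ctx, H.b)`. `H` is derived from the GMAC key and is itself key material, so I would clear it once it has been consumed, e.g. `secure_memzero(&H, sizeof(H));` before `return NULL;` and before `return session;`, assuming the helper used by the cipher free functions is available in this file. generic_gcm's method_session_init (hunk `@@ -114,16 +112,16 @@`) has the same pattern with its local `H`. The function begins outside this hunk, so the declaration of `H` is not visible here.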
@@ -33,17 +33,15 @@ struct fastd_method_session_state { const fastd_cipher_info_t *cipher_info; const fastd_cipher_t *cipher; - const fastd_cipher_context_t *cipher_ctx; fastd_cipher_state_t *cipher_state; const fastd_mac_info_t *ghash_info; const fastd_mac_t *ghash; - const fastd_mac_context_t *ghash_ctx; fastd_mac_state_t *ghash_state; }; -static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) { +static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher) { if (!fastd_mac_info_get_by_name("ghash")) return false; @@ -62,7 +60,7 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe const fastd_cipher_info_t *info = NULL; if (ctx) { - *cipher = fastd_cipher_get_by_name(ctx, name_ctr, &info, cctx); + *cipher = fastd_cipher_get_by_name(ctx, name_ctr, &info); if (!*cipher) return false; } @@ -83,12 +81,12 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe static bool method_provides(const char *name) { - return cipher_get(NULL, name, NULL, NULL, NULL); + return cipher_get(NULL, name, NULL, NULL); } static size_t method_key_length(fastd_context_t *ctx, const char *name) { const fastd_cipher_info_t *cipher_info; - if (!cipher_get(NULL, name, &cipher_info, NULL, NULL)) + if (!cipher_get(NULL, name, &cipher_info, NULL)) exit_bug(ctx, "generic-gcm: can't get cipher key length"); return cipher_info->key_length; 
@@ -99,10 +97,10 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
 fastd_method_common_init(ctx, &session->common, initiator);
- if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx))
+ if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher))
 exit_bug(ctx, "generic-gcm: can't instanciate cipher");
- session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret);
+ session->cipher_state = session->cipher->init(ctx, secret);
 static const fastd_block128_t zeroblock = {};
 fastd_block128_t H;
@@ -114,16 +112,16 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
 memset(zeroiv, 0, session->cipher_info->iv_length);
 if (!session->cipher->crypt(ctx, session->cipher_state, &H, &zeroblock, sizeof(fastd_block128_t), zeroiv)) {
- session->cipher->free_state(ctx, session->cipher_state);
+ session->cipher->free(ctx, session->cipher_state);
 free(session);
 return NULL;
 }
- session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info, &session->ghash_ctx);
+ session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info);
 if (!session->ghash)
 exit_bug(ctx, "generic-gcm: can't instanciate ghash mac");
- session->ghash_state = session->ghash->init_state(ctx, session->ghash_ctx, H.b);
+ session->ghash_state = session->ghash->init(ctx, H.b);
 return session;
 }
@@ -153,8 +151,8 @@ static void method_session_superseded(fastd_context_t *ctx, fastd_method_session
 static void method_session_free(fastd_context_t *ctx, fastd_method_session_state_t *session) {
 if (session) {
- session->cipher->free_state(ctx, session->cipher_state);
- session->ghash->free_state(ctx, session->ghash_state);
+ session->cipher->free(ctx, session->cipher_state);
+ session->ghash->free(ctx, session->ghash_state);
 free(session);
 }
diff --git a/src/methods/generic_gmac/generic_gmac.c b/src/methods/generic_gmac/generic_gmac.c
index 5501076..4de7ad8 100644
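Review bot: The result of `session->cipher->init(ctx, secret)` in the `@@ -99,10 +97,10 @@` hunk is used without a check, since the following hunk passes `session->cipher_state` straight to `crypt`. Whether any backend's `init` can return NULL is not visible here, so this may be unreachable, but the function already has a clean failure path for `crypt`. If `init` can fail, I would add `if (!session->cipher_state) { free(session); return NULL; }` right after the call. The same question applies to `session->ghash->init(ctx, H.b)` and to the `init` calls in composed_gmac, generic_gmac and generic_poly1305; the function starts before the hunk.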
--- a/src/methods/generic_gmac/generic_gmac.c
+++ b/src/methods/generic_gmac/generic_gmac.c
@@ -33,17 +33,15 @@ struct fastd_method_session_state {
 const fastd_cipher_info_t *cipher_info;
 const fastd_cipher_t *cipher;
- const fastd_cipher_context_t *cipher_ctx;
 fastd_cipher_state_t *cipher_state;
 const fastd_mac_info_t *ghash_info;
 const fastd_mac_t *ghash;
- const fastd_mac_context_t *ghash_ctx;
 fastd_mac_state_t *ghash_state;
 };
-static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
+static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher) {
 if (!fastd_mac_info_get_by_name("ghash"))
 return false;
@@ -65,7 +63,7 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
 const fastd_cipher_info_t *info = NULL;
 if (ctx) {
- *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info, cctx);
+ *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info);
 if (!*cipher)
 return false;
 }
@@ -86,12 +84,12 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
 static bool method_provides(const char *name) {
- return cipher_get(NULL, name, NULL, NULL, NULL);
+ return cipher_get(NULL, name, NULL, NULL);
 }
 static size_t method_key_length(fastd_context_t *ctx, const char *name) {
 const fastd_cipher_info_t *cipher_info;
- if (!cipher_get(NULL, name, &cipher_info, NULL, NULL))
+ if (!cipher_get(NULL, name, &cipher_info, NULL))
 exit_bug(ctx, "generic-gmac: can't get cipher key length");
 return cipher_info->key_length + sizeof(fastd_block128_t);
@@ -102,19 +100,19 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
 fastd_method_common_init(ctx, &session->common, initiator);
- if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx))
+ if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher))
 exit_bug(ctx, "generic-gmac: can't instanciate cipher");
- session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret);
+ session->cipher_state = session->cipher->init(ctx, secret);
 if (session->cipher_info->iv_length <= COMMON_NONCEBYTES)
 exit_bug(ctx, "generic-gmac: iv_length to small");
- session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info, &session->ghash_ctx);
+ session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info);
 if (!session->ghash)
 exit_bug(ctx, "generic-gmac: can't instanciate ghash mac");
- session->ghash_state = session->ghash->init_state(ctx, session->ghash_ctx, secret + session->cipher_info->key_length);
+ session->ghash_state = session->ghash->init(ctx, secret + session->cipher_info->key_length);
 return session;
 }
@@ -144,8 +142,8 @@ static void method_session_superseded(fastd_context_t *ctx, fastd_method_session
 static void method_session_free(fastd_context_t *ctx, fastd_method_session_state_t *session) {
 if (session) {
- session->cipher->free_state(ctx, session->cipher_state);
- session->ghash->free_state(ctx, session->ghash_state);
+ session->cipher->free(ctx, session->cipher_state);
+ session->ghash->free(ctx, session->ghash_state);
 free(session);
 }
diff --git a/src/methods/generic_poly1305/generic_poly1305.c b/src/methods/generic_poly1305/generic_poly1305.c
index 3820907..c40e70f 100644
--- a/src/methods/generic_poly1305/generic_poly1305.c
+++ b/src/methods/generic_poly1305/generic_poly1305.c
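Review bot: `session->ghash->init(ctx, secret + session->cipher_info->key_length)` in the `@@ -102,19 +100,19 @@` hunk reads the GHASH key at an offset into `secret`, with nothing at the call site stating how long `secret` is. The read stays in bounds only if the caller sizes `secret` from `method_key_length`, which returns `cipher_info->key_length + sizeof(fastd_block128_t)`; that coupling is presumably intended but is not written down. I would add above the call: `/* secret = cipher key || GHASH key; total length is what method_key_length() returns */`. The function starts before the hunk.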
@@ -38,12 +38,11 @@ struct fastd_method_session_state {
 const fastd_cipher_info_t *cipher_info;
 const fastd_cipher_t *cipher;
- const fastd_cipher_context_t *cipher_ctx;
 fastd_cipher_state_t *cipher_state;
 };
-static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
+static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher) {
 size_t len = strlen(name);
 if (len < 9)
@@ -59,7 +58,7 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
 const fastd_cipher_info_t *info = NULL;
 if (ctx) {
- *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info, cctx);
+ *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info);
 if (!*cipher)
 return false;
 }
@@ -80,12 +79,12 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
 static bool method_provides(const char *name) {
- return cipher_get(NULL, name, NULL, NULL, NULL);
+ return cipher_get(NULL, name, NULL, NULL);
 }
 static size_t method_key_length(fastd_context_t *ctx, const char *name) {
 const fastd_cipher_info_t *cipher_info;
- if (!cipher_get(NULL, name, &cipher_info, NULL, NULL))
+ if (!cipher_get(NULL, name, &cipher_info, NULL))
 exit_bug(ctx, "generic-poly1305: can't get cipher key length");
 return cipher_info->key_length;
@@ -96,10 +95,10 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
 fastd_method_common_init(ctx, &session->common, initiator);
- if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx))
+ if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher))
 exit_bug(ctx, "generic-poly1305: can't instanciate cipher");
- session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret);
+ session->cipher_state = session->cipher->init(ctx, secret);
 if (session->cipher_info->iv_length <= COMMON_NONCEBYTES)
 exit_bug(ctx, "generic-poly1305: iv_length to small");
@@ -125,7 +124,7 @@ static void method_session_superseded(fastd_context_t *ctx, fastd_method_session
 static void method_session_free(fastd_context_t *ctx, fastd_method_session_state_t *session) {
 if (session) {
- session->cipher->free_state(ctx, session->cipher_state);
+ session->cipher->free(ctx, session->cipher_state);
 free(session);
 }
 }
diff --git a/src/types.h b/src/types.h
index 2796f38..fc26f3a 100644
--- a/src/types.h
+++ b/src/types.h
@@ -143,10 +143,7 @@ typedef struct fastd_protocol_peer_state fastd_protocol_peer_state_t;
 typedef struct fastd_method_session_state fastd_method_session_state_t;
-typedef struct fastd_cipher_context fastd_cipher_context_t;
 typedef struct fastd_cipher_state fastd_cipher_state_t;
-
-typedef struct fastd_mac_context fastd_mac_context_t;
 typedef struct fastd_mac_state fastd_mac_state_t;
 #endif /* _FASTD_TYPES_H_ */
-- cgit v1.2.3